[146541] in cryptography@c2.net mail archive
Re: [Cryptography] FIPS, NIST and ITAR questions
daemon@ATHENA.MIT.EDU (Richard Salz)
Tue Sep 3 14:52:20 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <1863868727-1378227272-cardhu_decombobulator_blackberry.rim.net-828928814-@b14.c9.bise6.blackberry>
Date: Tue, 3 Sep 2013 14:49:49 -0400
From: Richard Salz <rich.salz@gmail.com>
To: radix42@gmail.com
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
> ITAR doesn't require a license or permit for strong hash functions, but for US persons
> require(d?) notification of NSA of authorship, contact email and download URL(s), at least in
> 2006 it did.
That strikes me as an overly-conservative reading of the rules, but
it's been some time since I was involved in this stuff. After all,
there is no key in a hash function. Notification was required for open
source, or a commodity classification for a product that had general
encryption facilities.
If the notification for hash is (still?) required, I believe you can
do it now via a simple phone call. To anyone. #thanks_prism.
/r$
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
